Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2017-14120

Опубликовано: 03 сент. 2017
Источник: debian
EPSS Низкий

Описание

unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
unrar-freefixed1:0.0.1+cvs20140707-2package
unrar-freeno-dsajessiepackage

Примечания

  • https://www.openwall.com/lists/oss-security/2017/08/20/1

  • Proposed patch: https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=874059;filename=874059.diff.txt;msg=29

EPSS

Процентиль: 66%
0.00532
Низкий

Связанные уязвимости

CVSS3: 7.5
ubuntu
почти 8 лет назад

unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory.

CVSS3: 7.5
nvd
почти 8 лет назад

unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory.

CVSS3: 7.5
github
больше 3 лет назад

unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory.

EPSS

Процентиль: 66%
0.00532
Низкий
Уязвимость CVE-2017-14120